CVE-2018-0949 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2018-0949

Analyzed

More Info Official Page

Source-secure@microsoft.com

Published At-11 Jul, 2018 | 00:29

Updated At-03 Oct, 2019 | 00:03

A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.0

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:P/I:N/A:N

CPE Matches

Microsoft Corporation

>>windows_server_2012>>*

cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*

Microsoft Corporation

>>internet_explorer>>10

cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>-

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1607

cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1703

cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1709

cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_10>>1803

cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*

Microsoft Corporation

cpe:2.3:o:microsoft:windows_7:*:sp1:*:*:*:*:*:*

Microsoft Corporation

>>windows_8.1>>*

cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_rt_8.1>>*

cpe:2.3:o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>r2

cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2012>>r2

cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2016>>-

cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*

Microsoft Corporation

>>internet_explorer>>11

cpe:2.3:a:microsoft:internet_explorer:11:*:*:*:*:*:*:*

Microsoft Corporation

>>windows_server_2008>>-

cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*

Microsoft Corporation

>>internet_explorer>>9

cpe:2.3:a:microsoft:internet_explorer:9:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/104622	secure@microsoft.com	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041258	secure@microsoft.com	Third Party Advisory VDB Entry
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0949	secure@microsoft.com	Patch Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/104622

Source: secure@microsoft.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: http://www.securitytracker.com/id/1041258

Source: secure@microsoft.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0949

Source: secure@microsoft.com

Resource:

Patch

Vendor Advisory